Segmentation faults on second plugin invocation.

Segmentation faults on second plugin invocation.

Dr. Greg Wettstein
Hi, I hope the weekend has gone well for everyone.

We are in the process of doing an upgrade to our Hurdo utility which
allows remote sudo privilege escalations to be authenticated by
transmission of an AP-REQ packet via an SSH channel.  The previous
version is available at the following site if anyone wants to come up
to speed on it:

ftp://ftp.hurderos.org/pub/Hurdo/Hurdo-0.2.0.tar.gz

We are adding PKINIT support to allow the short-lived TGT used to
authenticate the AP-REQ to be requested via a cert/key held in a
process-specific keyring attached to the ssh client process.  It all
works as it should until a second sudo attempt is requested, at which
time the client crashes with a segmentation fault which appears to
originate in the bowels of the plugin code, i.e.:

---------------------------------------------------------------------------
#0  0xf738766c in malloc_consolidate () from /lib/libc.so.6
#1  0xf738982d in _int_malloc () from /lib/libc.so.6
#2  0xf738b3f7 in calloc () from /lib/libc.so.6
#3  0xf777435a in _dl_new_object () from /lib/ld-linux.so.2
#4  0xf776fcd1 in _dl_map_object_from_fd () from /lib/ld-linux.so.2
#5  0xf7771d6b in _dl_map_object () from /lib/ld-linux.so.2
#6  0xf777c205 in dl_open_worker () from /lib/ld-linux.so.2
#7  0xf7777dd2 in _dl_catch_error () from /lib/ld-linux.so.2
#8  0xf777bb6e in _dl_open () from /lib/ld-linux.so.2
#9  0xf75eac3f in dlopen_doit () from /lib/libdl.so.2
#10 0xf7777dd2 in _dl_catch_error () from /lib/ld-linux.so.2
#11 0xf75eb10c in _dlerror_run () from /lib/libdl.so.2
#12 0xf75eab5c in dlopen@@GLIBC_2.1 () from /lib/libdl.so.2
#13 0xf73125f8 in krb5int_open_plugin ()
   from /usr/local/krb5/lib/libkrb5support.so.0
#14 0x09b0af38 in ?? ()
#15 0x00000002 in ?? ()
#16 0xffadb214 in ?? ()
#17 0x00000000 in ?? ()
---------------------------------------------------------------------------

Is it a known limitation that the PKINIT authentication cannot be
requested from the same process twice?  If so, does anyone have any
pointers/ideas on what needs to be done to fix this?

We are currently doing this work against 1.12.1.

Thanks in advance for any pointers/suggestions.

Have a good week.

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: [hidden email]
------------------------------------------------------------------------------
"Artificial Intelligence stands no chance against Natural Stupidity."
                                -- John Henders

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev

Re: Segmentation faults on second plugin invocation.

Greg Hudson
On 12/14/2014 01:16 PM, Dr. Greg Wettstein wrote:
> #0  0xf738766c in malloc_consolidate () from /lib/libc.so.6

A crash in malloc indicates prior memory corruption, which could have
occurred anywhere in the process code.  You'll need to use a tool such
as valgrind to isolate the original cause.

If you do determine that memory corruption occurred in the MIT krb5 code
base and not elsewhere, please send your findings to
[hidden email] (and not to this public list).
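
The reply's point that a crash inside malloc sits far from the write that corrupted the heap, as an added example (not part of the original thread, and not Hurdo or MIT krb5 code): a hypothetical guard-byte debug allocator that flags an off-by-one heap write when the damaged buffer itself is checked or freed, rather than at a later unrelated allocation. The names `guard_alloc`, `guard_check`, `guard_free` and `demo_off_by_one` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define HDR_LEN    16   /* stores the length; keeps the user pointer 16-byte aligned */
#define GUARD_LEN  16
#define GUARD_BYTE 0xA5

/* Layout: [HDR_LEN header][len user bytes][GUARD_LEN guard bytes] */
void *guard_alloc(size_t len)
{
    unsigned char *raw = malloc(HDR_LEN + len + GUARD_LEN);
    if (raw == NULL) return NULL;
    memcpy(raw, &len, sizeof(len));
    memset(raw + HDR_LEN + len, GUARD_BYTE, GUARD_LEN);
    return raw + HDR_LEN;
}

/* Returns -1 if the guard is intact, else the index of the first clobbered guard byte. */
long guard_check(const void *user)
{
    const unsigned char *p = user;
    size_t len;
    memcpy(&len, p - HDR_LEN, sizeof(len));
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (p[len + i] != GUARD_BYTE)
            return (long)i;
    return -1;
}

/* Abort at the free of the damaged buffer, not at some later malloc. */
void guard_free(void *user)
{
    if (guard_check(user) >= 0) {
        fprintf(stderr, "heap overrun past end of %p\n", user);
        abort();
    }
    free((unsigned char *)user - HDR_LEN);
}

/* Constructed bug: buffer sized without room for the NUL terminator. */
long demo_off_by_one(const char *s)
{
    char *buf = guard_alloc(strlen(s));
    if (buf == NULL) return -2;
    memcpy(buf, s, strlen(s) + 1);  /* NUL lands in guard byte 0 */
    long hit = guard_check(buf);
    free(buf - HDR_LEN);            /* bypass guard_free so the demo returns */
    return hit;
}
int main(void) { printf("first clobbered guard byte: %ld\n", demo_off_by_one("abc")); return 0; }
```

Guard bytes only catch linear overruns past the end of a buffer; use-after-free and underruns still need a tool such as valgrind, as the reply recommends.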